Appl.No. 09/998,914 

Amdt. dated September 18, 2007 

Reply to Office Action of June 22, 2007 



PATENT 



REMARKS/ARGUMENTS 

Prior to the entry of this Amendment, claims 1, 2, 4, 6-11, 13, 20, 21, 23, 25-27 
and 42-57 were pending in this application. Claims 1, 4, 6-10, 13, 20, 23, 25, 26, 42-45, and 47- 
57 have been amended, no claims have been added, and no claims have been canceled herein. 
Therefore, claims 1, 2, 4, 6-11, 13, 20, 21, 23, 25-27 and 42-57 remain pending in this 
application. Applicant respectfully requests reconsideration of these claims for at least the 
reasons presented below. 

35 U.S.C. § 103 Rejection, Elley in view of Fox

In the Office Action claims 1, 2, 4, 6-11, 13, 20, 21, 23, 25-27, 42-56 have been 
rejected under 35 U.S.C. § 103(a) as being unpatentable over U.S. Patent Application No.
7,058,798 B1 to Elley et al. (hereinafter "Elley"), in view of U.S. Patent No. 6,842,863 B1 to Fox
et al. (hereinafter "Fox"). The Applicants respectfully submit that the Office Action does not 
establish a prima facie case of obviousness in rejecting these claims, as amended. Therefore, the 
Applicants request reconsideration and withdrawal of the rejection. 

In order to establish a prima facie case of obviousness, the Office Action must 
establish: 1) some suggestion or motivation, either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art, to modify the references or 
combine their teachings; 2) a reasonable expectation of success of such a modification or 
combination; and 3) a teaching or suggestion in the cited prior art of each claimed limitation. 
See MPEP §706.02(j). As will be discussed below, the references cited by the Office Action do 
not teach or suggest each claimed limitation. 

Elley relates generally to "authorization for access to a resource
between entities in a network, and more particularly to the maintenance of credentials required 
for access to the resource." (Col. 1, lines 26-29) However, as the Office Action correctly points 
out, Elley does not teach or suggest determining whether to check the status of a certificate in
real time. (Office Action page 3) Rather, under Elley "the entity that has the burden of gathering 
the credentials, pro-actively refreshes the credentials and keeps them current." (Col. 3, lines 44- 
46) That is, the entity that has the burden of gathering the credentials, i.e., the presenter of the 
credentials, periodically refreshes the credentials upon the occurrence of a trigger event and 
saves the credential to be presented for authentication. (Col. 3, line 61 - col. 4, line 41) Thus, 
Elley does not teach or suggest determining whether to check the status of a certificate in real 
time. 

Furthermore, Elley fails to teach or suggest other claimed elements related to 
checking the status of a certificate in real time. For example, Elley does not teach or suggest 
retrieving a certificate and a real time status for the certificate from a certificate authority and 
storing the certificate and said real time status in an identity system, wherein the certificate 
authority is external to the identity system. Elley also does not teach or suggest receiving at the 
identity system a request to export the certificate and determining with the identity system 
whether to check a status for said certificate. Elley does not teach or suggest wherein 
determining whether to check the status for the certificate comprises querying a parameter field 
in the identity system. Elley fails to teach or suggest in response to determining to check the 
status for said certificate, determining with the identity system whether to check the status for the 
certificate in real time. Elley also does not teach or suggest wherein determining whether to 
check the status for the certificate in real time comprises querying a parameter field in the 
identity system. It is noted that the Office Action introduces Fox to demonstrate a teaching of 
determining whether to check the status of a certificate in real time. 

Fox is directed to "using a certificate authority to first provide a customer with a 
digital certificate, and then having a relying third party who receives that digital certificate from 
the customer access a status authority (the certificate authority or a designated agent of the 
certificate authority) to receive a second, reissued digital certificate on the first digital certificate 
or its public key." (Col. 2, lines 19-25) Under Fox an end entity obtains a certificate from a 
certificate authority. (Col. 4, line 64 - col. 5, line 3) Upon initiation of a transaction, the end 
entity presents this certificate to a relying party for authentication. (Col. 5, lines 37-40) The
relying party, based on execution of its own policy engine, then determines whether to check the 
status of this certificate. (Col. 5, lines 43-47) Based on the relying party's policies, "the relying 
party accesses a status authority (i.e., the certificate authority or a designated agent thereof) to 
receive a second, 'reissued' digital certificate on the digital certificate." (Col. 5, lines 57-60) 

However, Fox does not teach or suggest, alone or in combination with Elley, all 
of the claimed elements. For example, Fox fails to teach or suggest retrieving a certificate and a 
real time status for the certificate from a certificate authority and storing the certificate and said 
real time status in an identity system, wherein the certificate authority is external to the identity 
system. Under Fox, two embodiments are disclosed. In one, the certificate authority acts as the 
status authority and in the second, the status authority is a designated agent of the certificate 
authority. (Col. 5, lines 57-59) However, the status authority does not retrieve a certificate and a 
real time status for the certificate from the certificate authority and store the certificate and real 
time status. Rather, the status authority, whether it is the certificate authority or an agent thereof, 
in response to the request from the relying party, issues a new certificate. (Col. 7, lines 19-25) 

Fox also fails to teach or suggest receiving at the identity system a request to 
export the certificate and determining with the identity system whether to check a status for said 
certificate. Under Fox, neither the certificate authority nor the status authority determines
whether to check the status for the certificate. Rather, the relying party's policy engine makes 
this determination. (Col. 5, lines 43-47) The certificate authority and the status authority of Fox 
simply reply to requests from the end entity or the relying party by issuing certificates. Thus, 
Fox also fails to teach or suggest wherein determining whether to check the status for the 
certificate comprises querying a parameter field in the identity system, in response to 
determining to check the status for said certificate, determining with the identity system whether 
to check the status for the certificate in real time, and wherein determining whether to check the 
status for the certificate in real time comprises querying a parameter field in the identity system. 

Independent claims 1 and 20, upon which claims 2, 4, 6, 8, 9, 11, 13, 21, 23, and
25-27 depend, both recite in part "retrieving a certificate and a real time status for the certificate 
from a certificate authority; storing the certificate and said real time status in an identity system, 
wherein the certificate authority is external to the identity system; storing validation information 
for said certificate in the identity system, wherein said validation information includes an 
identifier of a time said real time status was retrieved and a validation interval for said real time 
status; receiving at the identity system a request to export the certificate; determining with the 
identity system whether to check a status for said certificate, wherein determining whether to 
check the status for the certificate comprises querying a parameter field in the identity system; 
and in response to determining to check the status for said certificate, determining with the 
identity system whether to check the status for the certificate in real time, wherein determining 
whether to check the status for the certificate in real time comprises querying a parameter field in 
the identity system." Neither Elley nor Fox, alone or in combination, teaches or suggests 
retrieving a certificate and a real time status for the certificate from a certificate authority and 
storing the certificate and said real time status in an identity system, wherein the certificate 
authority is external to the identity system; receiving at the identity system a request to export the 
certificate and determining with the identity system whether to check a status for said certificate; 
wherein determining whether to check the status for the certificate comprises querying a 
parameter field in the identity system; in response to determining to check the status for said 
certificate, determining with the identity system whether to check the status for the certificate in 
real time; and wherein determining whether to check the status for the certificate in real time 
comprises querying a parameter field in the identity system. For at least these reasons, claims 1,
2, 4, 6, 8, 9, 11, 13, 20, 21, 23, and 25-27 should be allowed. 

Similarly, claim 42, upon which claims 43-49 depend, and claim 50, upon which 
claims 51-57 depend, both recite in part "retrieving a certificate and a real time status for the 
certificate from a certificate authority; storing the certificate and the real time status in an 
identity system, wherein the certificate authority is external to the identity system; storing 
validation information for the certificate in the identity system, wherein the validation 
information includes an identifier of a time the real time status was retrieved and a validation
interval for the real time status; receiving at the identity system a request to export the certificate; 
determining with the identity system whether to check a status for the certificate; in response to 
determining to not check the status for the certificate, exporting the certificate from the identity 
system without checking the status for the certificate; in response to determining to check the 
status for the certificate, determining with the identity system whether to check the status for the 
certificate in real time; and in response to determining to check the status for the certificate in 
real time, retrieving a new real time status for the certificate from the certificate authority." 
Neither Elley nor Fox, alone or in combination, teaches or suggests retrieving a certificate and a 
real time status for the certificate from a certificate authority and storing the certificate and said 
real time status in an identity system, wherein the certificate authority is external to the identity 
system; receiving at the identity system a request to export the certificate and determining with 
the identity system whether to check a status for said certificate; and in response to determining 
to check the status for said certificate, determining with the identity system whether to check the 
status for the certificate in real time. For at least these reasons, claims 42-57 should be allowed. 

Furthermore, dependent claims 48, 49, 56, and 57 are thought to be allowable for 
additional reasons. For example, neither Elley nor Fox, alone or in combination, teaches or 
suggests wherein determining whether to check the status for the certificate comprises querying a 
parameter field in the identity system as recited in claims 48 and 56. Similarly, neither Elley nor 
Fox, alone or in combination, teaches or suggests wherein determining whether to check the 
status for the certificate in real time comprises querying a parameter field in the identity system 
as recited in claims 49 and 57. For at least these additional reasons, claims 48, 49, 56, and 57 
should be allowed. 

CONCLUSION



In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 



If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 



Respectfully submitted, 



/William J. Daley/ 
William J. Daley 
Reg. No. 52,471 

TOWNSEND and TOWNSEND and CREW LLP 
Two Embarcadero Center, Eighth Floor 
San Francisco, California 94111-3834
Tel: 303-571-4000 
Fax: 415-576-0300 